Security Analysis of Password-Authenticated Key Agreement Protocols

Shim, Kyung-Ah; Seo, Seung-Hyun

doi:10.1007/11599371_5

Security Analysis of Password-Authenticated Key Agreement Protocols

Kyung-Ah Shim²⁰ &
Seung-Hyun Seo²¹

Conference paper

863 Accesses
4 Citations

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3810))

Abstract

Recently, there have been proposed a number of password-authenticated key agreement protocols for two-party setting or three-party setting. In this paper, we show that recently proposed three password-authenticated key agreement protocols in [11,12,10] are insecure against several active attacks including a stolen-verifier attack, an off-line password guessing attack and impersonation attacks.

This work was supported by the Korea Research Foundation Grant funded by the Korean Government(MOEHRD).(KRF-2005-217-C00002).

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Bellovin, S.M., Merritt, M.: Encrypted key exchange: Password-based protocols secure against dictionary attacks. In: Proc. of the 1992 IEEE Computer Society Conference on Research in security and Privacy, pp. 72–84 (1992)
Google Scholar
Bellovin, S.M., Merritt, M.: Augmented encrypted key exchange: Password-based protocols secure against dictionary attacks and password file compromise, Technical report, AT&T Bell Laboratories (1994)
Google Scholar
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated Key Exchange Secure Against Dictionary Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 139–155. Springer, Heidelberg (2000)
Chapter Google Scholar
Boyko, V., MacKenzie, P., Patel, S.: Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 156–171. Springer, Heidelberg (2000)
Chapter Google Scholar
Byun, J., Jeong, I., Lee, D., Park, C.: Password-authenticated key exchange between clients with different passwords. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 134–146. Springer, Heidelberg (2002)
Chapter Google Scholar
Chen, L.: A weakness of the password-authenticated key exchange between clients with different passwords scheme, The documnet was being circulated for consideration at the 27th SC27/WG2 meeting in Paris, France, 2003-10-20/24 (2003)
Google Scholar
Ding, Y., Horster, P.: Undetectable on-line password guessing attacks. ACM Operating Systems Review 29(4), 77–86 (1995)
Article Google Scholar
Jablon, D.: Extended password methods immune to dictionary attack. In: Proc. of the WETICE 1997 Enterprise Security Workshop, Cambridge, MA (June 1997)
Google Scholar
Jablon, D.: Strong password-only authenticated key exchange. Computer Communication Review 26(5), 5–26 (1996)
Article Google Scholar
Kim, J., Kim, S., Kwak, J., Won, D.: Cryptanalysis and improvment of password-authenticated key exchange between clients with different passwords. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3043, pp. 895–902. Springer, Heidelberg (2004)
Chapter Google Scholar
Lee, S.-W., Kim, W.-H., Kim, H.-S., Yoo, K.-Y.: Efficient password-based authenticated key agreement protocol. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3046, pp. 617–626. Springer, Heidelberg (2004)
Chapter Google Scholar
Lee, S.-W., Kim, H.-S., Yoo, K.-Y.: Efficient verifier-based key agreement protocol for three parties without server’s public key. Applied Mathematics and Computation (in press)
Google Scholar
Lin, C.-L., Sun, H.-M., Hwang, T.: Three-party encrypted key exchange: attacks and a solution. ACM Operating Systems Review 34(4), 12–20 (2000)
Article Google Scholar
MacKenzie, P., Swaminathan, R.: Secure Network Authentication with Password Identification, Submission to IEEE P1363a (1999)
Google Scholar
Steiner, M., Tsudik, G., Waidner, M.: Refinement and extension of encrypted key exchange. ACM Operating System review 29(3) (July 1995)
Google Scholar
Wu, T.: The secure remote password protocol. In: Internet Society Symposium on Network and Distribute System Security, pp. 97–111 (1998)
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Mathematics,
Kyung-Ah Shim
Department of Computer Science and Engineering, Ewha Womans University, Seoul, Korea
Seung-Hyun Seo

Authors

Kyung-Ah Shim
View author publications
You can also search for this author in PubMed Google Scholar
Seung-Hyun Seo
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Computer Science, University College London,
Yvo G. Desmedt
Centre for Advanced Computing - Algorithms and Cryptography Department of Computing, Macquarie University, Australia
Huaxiong Wang
Centre for Computer and Information Security Research School of Computer Science and Software Engineering, University of Wollongong, Australia
Yi Mu
Fujian Normal University, 350007, Fuzhou, Fujian, China
Yongqing Li

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Shim, KA., Seo, SH. (2005). Security Analysis of Password-Authenticated Key Agreement Protocols. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds) Cryptology and Network Security. CANS 2005. Lecture Notes in Computer Science, vol 3810. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599371_5

Download citation

DOI: https://doi.org/10.1007/11599371_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30849-2
Online ISBN: 978-3-540-32298-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics